PETALING JAYA: While there is no such thing as being “100% secure” from cyberthreats, there are still ways for organisations to take protective steps, says CyberSecurity Malaysia (CSM).
Its chief executive officer Datuk Dr Amirudin Abdul Wahab said organisations must continue to invest in improving public awareness while building cybersecurity skills and expertise.
“There is no such thing as being 100% secure from cyberthreats due to the ever-changing nature of the Internet... but we can be ready to deal with them when they hit.
“The most important action is for an organisation to strategise and implement cybersecurity to lessen the impact of cyberattacks.
“The organisations must know how to act and recover once attacked.
“Of course, there is still much room for improvement for organisations in Malaysia to prepare for the attacks,” he said in an interview.
He was speaking to The Star in the wake of the recent cyberattack on the Immigration Department website.
Amirudin said the government has recognised the importance of cybersecurity as a national security issue and taken steps to improve its cybersecurity infrastructure and capabilities.
Cybersecurity, he added, is essential for the government in protecting citizens as well as data and investments that are critical to the nation.
Towards this end, CSM, which is the national cybersecurity specialist and technical agency under the purview of the Communications and Digital Ministry, works closely with various critical sectors including the National Cyber Security Agency (Nacsa).
“Overall, while there is still work to be done, the Malaysian government has committed to improving its cybersecurity infrastructure and capabilities to protect its citizens, critical infrastructure and national security,” he said.
CSM has also taken strong initiatives to enhance cybersecurity technology and protect digital assets against cyberthreats, said Amirudin.
It has provided specialised cybersecurity services such as responsive and proactive services and awareness programmes, and also provides technical support to organisations experiencing security incidents, he said.
“We assist system administrators in identifying, containing, resolving and rectifying incidents by following our incident response steps and guidelines,” he added.
On April 4, the Immigration Department website was hit by a hacker with the handle “CaptainSmok3r.”
Immigration director-general Datuk Ruslin Jusoh had said the cyberattack was a “defacement”, where the main page of its website was replaced with another image.
However, other links related to immigration services were unaffected, he said, adding that the department had taken corrective action by shutting down the page to prevent access and repairing and reconfiguring the website’s security systems.
Ruslin said its information technology department had also held meetings with Nacsa and CSM.
In May last year, a data leak was reported by local tech portal Amanz, where a 160GB database with personal details of 22 million Malaysians belonging to the National Registration Department was being sold for US$10,000 (RM43,950) on the dark web.